Bypassing Physical Security Systems

If you have a question about this talk, please contact Joseph Bonneau.

The presentation will include a detailed review regarding the protection of high security facilities, including airports and aircraft, power transmission facilities, and computer server rooms. The emphasis will be on liability and security issues that may result from an undue reliance on certain high security locking systems and technology. I will discuss a number of misconceptions and why these facilities may be at risk, even with some of the most sophisticated physical access hardware and software.

Specific problems inherent in conventional locking hardware will be the primary focus, together with an analysis of high security mechanical locks and electronic access control systems produced by many of the Assa Abloy companies. These technologies include the Cliq, Logic, and NexGen among others. The representations of certain manufacturers will be analyzed, and potential vulnerabilities in these high-tech systems will be explored, together with the liability that may flow to users if these systems are circumvented.

Since the publication of OPEN IN THIRTY SECONDS , which details the compromise of Medeco high security locks (2008), intensive research has been on-going in the U.S. and Europe regarding the security of different electronic access control systems. The results will be included in the new supplement to our book. These potential security issues will be examined in Dubai and will be explored in depth in the upcoming supplement, and later this year in future presentations.

Ross Anderson wrote the forward for Mr. Tobias’ book, which can be purchased here: